Xcode6 code signing required for referenced frameworks?

Question

Xcode 6.1.1

We are trying to sign our app for distribution (or even just to test on physical device). We have a referenced framework in our project. We were under the impression that we should only sign our app itself (and we have all code signing identities, provisioning profiles, etc. set up), but we should not sign this external framework, since we didn't write it. It should be getting its code signing credentials from the parent project.

However every time we try to run on physical device, this referenced framework throws a build error: "CodeSign error: code signing is required for product type 'Framework' in SDK 'iOS 8.1'".

Does this mean we actually have to code sign this?

Specifically, the framework we're trying to use is Alamofire.

Answer 1

I think it depends on where those frameworks come from:

• If they're yours (i.e. internal library you're bundling with your project), you need to sign them.
• If they come from an open source project that you're building from source (i.e. a pod from Cocoapods) you'll have to sign them.
• If they come from a 3rd-party developer they should already be signed.

There's a a step called "Embed Frameworks" under "Build Phases" of the target where you can specify which framework to embed in your bundle and what to code sign:

It doesn't matter if they already have a signature: yours will replace whatever was there.

You can always check the certificate status of a framework with the codesign command line tool:

xcrun codesign --verify --verbose [MYFramework.framework/MYFramework]

and print the singing entity with:

xcrun codesign --display --verbose [MYFramework.framework/MYFramework]